These rules allow network traffic between individual Kerio Personal Firewall components during local or remote administration, connections to Kerio Technologies registration or check-for-new-version servers, etc.
Internal network traffic rules are hidden: they are not displayed in the Personal Firewall GUI.
This rule enables connection of the Personal Firewall GUI to the Personal Firewall Engine. If remote administration is allowed (see chapter 6.3. Preferences), connections from any host are allowed. If not, only connections from the local host are allowed.
| Condition | Application | Direction | Protocol | Rem. port | Rem. address |
|---|---|---|---|---|---|
| Rem. adm. enabled | kpf4ss.exe | incoming | TCP+UDP | 44334 | any |
| Rem. adm. disabled | kpf4ss.exe | incoming | TCP+UDP | 44334 | localhost |
This rule enables the Personal Firewall GUI to connect to the Personal Firewall Engine (connection to local administration).
Note: This rule allows only local connections (i.e. connections to the Personal Firewall Engine installed on the same computer). In the case of remote administration, the Personal Firewall GUI is treated as a standard network application and the network traffic policy is applied (see chapter 7. Network Security).
| Condition | Application | Direction | Protocol | Rem. port | Rem. address |
|---|---|---|---|---|---|
| Unconditional | kpf4gui.exe | outgoing | TCP+UDP | 44334 | any |
This rule allows the Personal Firewall Engine to connect to the Personal Firewall GUI (to display dialogs, notices, warning messages, etc.).
| Condition | Application | Direction | Protocol | Rem. port | Rem. address |
|---|---|---|---|---|---|
| Rem. adm. enabled | kpf4ss.exe | outgoing | TCP+UDP | any | any |
| Rem. adm. disabled | kpf4ss.exe | outgoing | TCP+UDP | any | localhost |
This rule allows Kerio Personal Firewall components to send DNS queries to any DNS server. DNS queries are used to resolve host names, which are later used for various purposes, such as display in the Personal Firewall GUI, resolution of destination IP addresses when accessing remote administration, etc.
| Condition | Application | Direction | Protocol | Rem. port | Rem. address |
|---|---|---|---|---|---|
| Unconditional | kpf4ss.exe | both | UDP | 53 | any |
| Unconditional | kpf4gui.exe | both | UDP | 53 | any |
If sending of crashdump files to Kerio Technologies (see chapter 6.3. Preferences) is enabled, this rule allows the files to be sent to the corresponding server.
| Condition | Application | Direction | Protocol | Rem. port | Rem. address |
|---|---|---|---|---|---|
| Sending allowed | assist.exe | outgoing | TCP | any | crashes.kerio.com |
If pop-up blocking is enabled (see chapter 14.1. The Ad Blocking tab), a special script in the corresponding web pages sends the Personal Firewall Engine information about blocked pages. This traffic uses the TCP protocol on a special port (44501).
| Condition | Application | Direction | Protocol | Rem. port | Rem. address |
|---|---|---|---|---|---|
| Unconditional | any | outgoing | TCP | 44501 | localhost |
This rule allows access to the download servers where new versions of Kerio Personal Firewall are available.
Note: The server is not specified since various servers can be used for this purpose.
| Condition | Application | Direction | Protocol | Rem. port | Rem. address |
|---|---|---|---|---|---|
| Proxy server | kpf4ss.exe | outgoing | TCP | proxy_port* | proxy_ip* |
| Direct access | kpf4ss.exe | outgoing | TCP | any | any |
*) The IP address and port of the proxy server are resolved automatically by Kerio Personal Firewall (the information is taken from the configuration of the operating system).
This rule enables registration of the Kerio Personal Firewall license (see chapter 3.2. Product registration) on the corresponding server.
| Condition | Application | Direction | Protocol | Rem. port | Rem. address |
|---|---|---|---|---|---|
| Proxy server | kpf4ss.exe | outgoing | TCP | prx_port* | prx_ip* |
| Direct access | kpf4ss.exe | outgoing | TCP | 443 | secure.kerio.com |
*) The IP address and port of the proxy server are resolved automatically by Kerio Personal Firewall (the information is taken from the configuration of the operating system).
If logging to Syslog server (refer to chapter 16.3. Log Options) is enabled, this rule enables connection of the Personal Firewall Engine to the Syslog server.
| Condition | Application | Direction | Protocol | Rem. port | Rem. address |
|---|---|---|---|---|---|
| Syslog enabled | kpf4ss.exe | outgoing | UDP | sslg_port* | sslg_ip* |
*) The IP address and port of the Syslog server are those specified in the Syslog section of the Settings tab.
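
Because these rules are not shown in the GUI, it can help to check observed connections against them. The following Python code is an added example, not part of the Kerio documentation or product: it transcribes the rows from the tables above (the proxy and Syslog rows are omitted because their values come from local configuration) and reports which rows cover a connection. The condition labels, function names and sample connections are constructed for illustration, and no rule ordering is assumed.

```python
import ipaddress

# Rows transcribed from the tables on this page. Condition labels are this
# example's own names (assumption). None in the port column means "any".
# (condition, application, direction, protocols, remote port, remote address)
RULES = [
    ("remote_admin_on",  "kpf4ss.exe",  "in",   {"TCP", "UDP"}, 44334, "any"),
    ("remote_admin_off", "kpf4ss.exe",  "in",   {"TCP", "UDP"}, 44334, "localhost"),
    ("always",           "kpf4gui.exe", "out",  {"TCP", "UDP"}, 44334, "any"),
    ("remote_admin_on",  "kpf4ss.exe",  "out",  {"TCP", "UDP"}, None,  "any"),
    ("remote_admin_off", "kpf4ss.exe",  "out",  {"TCP", "UDP"}, None,  "localhost"),
    ("always",           "kpf4ss.exe",  "both", {"UDP"},        53,    "any"),
    ("always",           "kpf4gui.exe", "both", {"UDP"},        53,    "any"),
    ("crashdump_on",     "assist.exe",  "out",  {"TCP"},        None,  "crashes.kerio.com"),
    ("always",           "any",         "out",  {"TCP"},        44501, "localhost"),
    ("direct_access",    "kpf4ss.exe",  "out",  {"TCP"},        None,  "any"),  # update check
    ("direct_access",    "kpf4ss.exe",  "out",  {"TCP"},        443,   "secure.kerio.com"),
]

# Constructed sample connections: (application, direction, protocol, port, remote)
SAMPLE = [
    ("kpf4ss.exe",  "in",  "TCP", 44334, "192.0.2.10"),
    ("kpf4ss.exe",  "in",  "TCP", 44334, "127.0.0.1"),
    ("kpf4ss.exe",  "out", "TCP", 8080,  "198.51.100.7"),
    ("browser.exe", "out", "TCP", 44501, "127.0.0.1"),
]

def addr_matches(spec, remote):
    # "localhost" is matched as any loopback address, not only 127.0.0.1.
    if spec == "any":
        return True
    if spec == "localhost":
        try:
            return ipaddress.ip_address(remote).is_loopback
        except ValueError:
            return remote == "localhost"
    return remote == spec

def matching_rules(conn, active):
    """Indexes of RULES rows that cover conn under the active conditions."""
    app, direction, proto, port, remote = conn
    return [i for i, (cond, r_app, r_dir, r_protos, r_port, r_addr) in enumerate(RULES)
            if (cond == "always" or cond in active)
            and r_app in ("any", app) and r_dir in ("both", direction)
            and proto in r_protos and r_port in (None, port)
            and addr_matches(r_addr, remote)]

def uncovered(conns, active):
    """Connections that no internal rule row covers under the active conditions."""
    return [c for c in conns if not matching_rules(c, active)]
```

With remote administration disabled, the non-local connection to port 44334 is covered by no row, while the "Direct access" update-check row covers any outgoing TCP connection from kpf4ss.exe regardless of the remote administration setting.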